Policies in this category are intended to automate the following deprovisioning-related tasks on user accounts:
- Disable the user account.
- Set the user password to a random value.
- Set the user’s logon names to random values.
- Rename the user account.
- Modify other properties of the user account.
When configuring a policy of this category, you specify how you want Active Roles to modify the user’s account in Active Directory upon a request to deprovision a user so that once the deprovision operation is completed, the deprovisioned user cannot log on to the network.
You may also configure a policy to update any user properties, such as those that regulate users’ membership in Active Roles Managed Units. In this way, the policy can automate the addition or removal of deprovisioned users from Managed Units.